Verify app authenticity

Pass Instance ID tokens to your server and use the Instance ID
service to verify the app package name and check if it has a valid signature.
Verifying tokens with the Instance ID Cloud Service helps identify known
apps. To reduce cost and redundant round trip communications, configure your
server to store these tokens so the check is needed only once.
In the event of a security concern, your app can `deleteTokens`, or
Instance ID itself, and generate new ones. In addition, the
Instance ID server initiates token or Instance ID refresh if it
detects bugs or security issues.

Note: verifying app authenticity is
available only for apps distributed by Google Play.

Confirm app device is active

The Instance ID server can tell you when the device on which your app
is installed was last used. Use this to decide whether to keep data from your
app or send a push message to reengage with your users.

Identify and track apps

Instance ID is unique across all app instances across the world, so
your database can use it to uniquely identify and track app instances. Your
server-side code can verify, via the Instance ID cloud service, that an
Instance ID is genuine and is the same ID as the original app that
registered with your server. For privacy, your app can delete an Instance ID so
it is no longer associated with any history in the database. The next time your
app calls Instance ID it will get an entirely new Instance ID with no
relationship to its previous one.

Instance ID lifecycle

The Instance ID service issues an InstanceID when your app comes online.
The InstanceID is backed by a public/private key pair with the private key stored
on the local device and the public key registered with the Instance ID service.

Your app can request a fresh InstanceID whenever needed using the getID()
method. Your app can store it on your server if you have one that supports
your app.

Your app can request tokens from the Instance ID service as needed
using the getToken() method, and like InstanceID, your app can also store
tokens on your own server. All tokens issued to your app belong to the app's
InstanceID.

Tokens are unique and secure, but your app or the Instance ID service
may need to refresh tokens in the event of a security issue or when a user
uninstalls and reinstalls your app during device restoration. Your app must
implement a listener to respond to token refresh requests from the
Instance ID service.

Client implementation

Instance ID runs on both Android and iOS. Each requires you to include
the appropriate library in your client app. Android requires
Google Play Services. You will need a Project ID generated
by the Google Developers Console if you intend
to generate tokens.

For detailed instructions, see the Android
and iOS implementation guides.